Using the latest version of Nessus (from CVS), we get false positives from iis_auth_scheme.nasl (Find if IIS server allows BASIC and/or NTLM authentication).

The report claims that NTLM is enabled while the sysadmin claims it's not.

When I connect to the server by hand I get:

  # telnet target 1234
  Trying 1.2.3.4...
  Connected to target.
  Escape character is '^]'.
  GET / HTTP/1.1
  Host: target

  HTTP/1.1 401 Unauthorized
  Content-Length: 1656
  Content-Type: text/html
  Server: Microsoft-IIS/6.0
  WWW-Authenticate: Basic realm="x.y"
  X-Powered-By: ASP.NET
  Date: Fri, 18 Jun 2004 09:14:42 GMT

So I see the basic auth here, no NTLM.

According to http://www.networknewz.com/networknewz-10-20031113AuthenticationinIIS.html the server should have replied for NTLM authentication with:

  HTTP/1.1 401 Access Denied
  WWW-Authenticate: Negotiate
  WWW-Authenticate: NTLM

FWIW, when given the "Authorization: NTLM" request, the server indeed replied with "401 Unauthorized".

So either IIS is doing something bad or the Nessus code needs to be improved...

Does anybody understand all this well enough to know whether iis_auth_scheme.nasl does the right thing or not?

Cheers,
__________________________________________________________
Lionel Cons http://cern.ch/lionel.cons
CERN http://www.cern.ch
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
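The comparison made by hand in the message above, as an added example that is not part of the original post or of the Nessus plugin: it reads the schemes a server advertises from the WWW-Authenticate headers of its 401 response instead of inferring them from the status code. The function names are hypothetical and both sample responses are constructed from the headers quoted in the message.

```python
import re

# Constructed sample: the Basic-only 401 quoted in the message (headers abridged).
SAMPLE_BASIC_ONLY = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    'WWW-Authenticate: Basic realm="x.y"\r\n'
    "X-Powered-By: ASP.NET\r\n\r\n"
)
# Constructed sample: the NTLM-enabled reply the message cites from the article.
SAMPLE_NTLM = (
    "HTTP/1.1 401 Access Denied\r\n"
    "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n"
)

# A scheme is a token followed by whitespace or end of value, never by "=".
_SCHEME = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?=\s+[^=\s]|\s*$)")

def split_outside_quotes(value):
    """Split a header value on commas that are not inside a quoted-string."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def advertised_schemes(raw_response):
    """Return (status code, set of lower-cased schemes the server challenged with)."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])
    schemes = set()
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        for part in split_outside_quotes(value):
            m = _SCHEME.match(part)
            if m:  # auth-params such as realm="x.y" do not match
                schemes.add(m.group(1).lower())
    return status, schemes
```

Both samples return status 401, yet only the second one lists `ntlm`, which is the distinction the hand test in the message relies on.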